Rev | Author | Line No. | Line |
---|---|---|---|
2223 | tom.houday | 1 | #!/bin/bash |
2 | # $Id: alcasar-dns-local.sh 2838 2020-06-21 22:15:26Z rexy $ |
||
1607 | franck | 3 | |
2688 | lucas.echa | 4 | # alcasar-dns-local.sh |
1607 | franck | 5 | # by Rexy - 3abtux |
6 | # This script is distributed under the Gnu General Public License (GPL) |
||
7 | |||
8 | # active ou desactive la redirection du service DNS sur le réseau de consultation |
||
9 | # enable or disable the redirector of internal DNS service on consultation LAN |
||
10 | |||
# In-place sed invocation. Callers expand $SED unquoted on purpose so that it
# word-splits into the command and its -i flag.
SED="/bin/sed -i"

ALCASAR_CONF_FILE="/usr/local/etc/alcasar.conf"
LOCAL_DOMAIN_CONF_FILE="/etc/unbound/conf.d/common/local-forward/dns-redirector.conf"
LOCAL_HOSTNAME_FILE="/etc/hosts"

# DNS parameters (LAN side): each value is the second "="-separated field of
# the matching line(s) in $ALCASAR_CONF_FILE.
# NOTE(review): the grep patterns are prefix matches (INT_DNS_ACTIVE is not
# anchored at all), so a second key sharing the prefix would make a value span
# several lines. The values are interpolated unvalidated into unbound
# configuration text and, for INTIF, into file paths below, so the
# configuration file must only be writable by trusted accounts.
INT_DNS_DOMAIN=$(grep ^DOMAIN "$ALCASAR_CONF_FILE" | cut -d"=" -f2)
INT_DNS_HOST=$(grep ^HOSTNAME "$ALCASAR_CONF_FILE" | cut -d"=" -f2)
INT_DNS_IP_MASK=$(grep ^PRIVATE_IP "$ALCASAR_CONF_FILE" | cut -d"=" -f2)
INT_DNS_IP=$(grep ^PRIVATE_IP "$ALCASAR_CONF_FILE" | cut -d"=" -f2 | cut -d"/" -f1)
INTIF=$(grep ^INTIF "$ALCASAR_CONF_FILE" | cut -d"=" -f2)
INT_DNS_ACTIVE=$(grep INT_DNS_ACTIVE "$ALCASAR_CONF_FILE" | cut -d"=" -f2)
LOCAL_DNS_FILE="/etc/unbound/conf.d/common/local-dns/$INTIF.conf"
LOCAL_DNS_BLACKHOLE_FILE="/etc/unbound/conf.d/blackhole/iface.$INTIF.conf"

usage="Usage: alcasar-dns-local.sh {--on | -on} | {--off | -off} | {--add | -add} ip domain | {--del | -del} ip domain | {--reload | -reload}"
nb_args=$#
args=$1

# Without any argument there is nothing to do: show the usage and fail.
if (( nb_args == 0 )); then
  echo "$usage"
  exit 1
fi
||
2688 | lucas.echa | 35 | |
#######################################
# Restart each DNS service unit so that regenerated configuration is loaded.
# Arguments: none
# Returns:   exit status of the last "systemctl restart" call; a failure on
#            an earlier unit does not stop the loop.
#######################################
restart_dns() {
  local unit
  local -a units=(
    unbound
    unbound-blacklist
    unbound-whitelist
    dnsmasq-whitelist
    unbound-blackhole
  )

  for unit in "${units[@]}"; do
    systemctl restart "$unit"
  done
}
||
42 | |||
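#######################################
# Regenerate the unbound configuration files that resolve local host names
# (forward file + blackhole view) from $LOCAL_HOSTNAME_FILE.
#
# Both files are rewritten from a fixed header, then one local-data /
# local-data-ptr pair is appended per accepted hosts entry. An entry is
# skipped when it matches the original exclusion pattern (the "alcasar" name
# or an address starting with 127.0.0), when it is blank, a comment or has no
# name field, or when its address is not dotted-quad shaped or its name holds
# characters outside [A-Za-z0-9._-]. The last check matters because both
# fields are written inside a double-quoted unbound directive: a quote or
# other stray character would corrupt the resolver configuration. Entries
# with a non-IPv4 address are skipped because only "A" records are emitted.
#
# Globals:   LOCAL_HOSTNAME_FILE, INT_DNS_DOMAIN, INT_DNS_HOST, INT_DNS_IP,
#            INT_DNS_IP_MASK, INTIF (read);
#            LOCAL_DNS_FILE, LOCAL_DNS_BLACKHOLE_FILE (files overwritten)
# Arguments: none
# Outputs:   a warning on stderr for each rejected entry
# Returns:   non-zero if a header cannot be written or the hosts file cannot
#            be read
#######################################
hosts_to_unbound() {
  local -r skip_re='^([0-9\.\t ]+alcasar( |$)|127\.0\.0)'
  local -r ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  local -r name_re='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'
  local IFS=$' \t\n'
  local line entry ip_address domain records
  local -a fields

  cat > "$LOCAL_DNS_FILE" << EOF || return 1
server:
local-zone: "$INT_DNS_DOMAIN" static
local-data: "$INT_DNS_HOST.$INT_DNS_DOMAIN A $INT_DNS_IP"
local-data-ptr: "$INT_DNS_IP $INT_DNS_HOST.$INT_DNS_DOMAIN"
EOF
  # The repeated "server:" line is reproduced from the original template.
  cat > "$LOCAL_DNS_BLACKHOLE_FILE" << EOF || return 1
server:
server:
interface: ${INT_DNS_IP}@56
access-control-view: $INT_DNS_IP_MASK $INTIF
view:
name: "$INTIF"
local-zone: "." redirect
local-data: ". A $INT_DNS_IP"
local-zone: "$INT_DNS_DOMAIN" static
local-data: "$INT_DNS_HOST.$INT_DNS_DOMAIN A $INT_DNS_IP"
local-data-ptr: "$INT_DNS_IP $INT_DNS_HOST.$INT_DNS_DOMAIN"
EOF

  # "|| [[ -n $line ]]" keeps a final line that lacks a trailing newline.
  while IFS= read -r line || [[ -n "$line" ]]; do
    # Split on blanks without pathname expansion (an unquoted echo would
    # expand any glob character found in the hosts file).
    read -r -a fields <<< "$line"
    if (( ${#fields[@]} < 2 )) || [[ "${fields[0]}" == \#* ]]; then
      continue
    fi
    ip_address=${fields[0]}
    domain=${fields[1]}
    entry="${fields[*]}"

    if [[ $entry =~ $skip_re ]]; then
      continue
    fi
    if ! [[ $ip_address =~ $ipv4_re && $domain =~ $name_re ]]; then
      printf 'alcasar-dns-local.sh: skipping unsupported hosts entry: %s\n' \
        "$entry" >&2
      continue
    fi

    printf -v records '\tlocal-data: "%s.%s A %s"\n\tlocal-data-ptr: "%s %s.%s"\n' \
      "$domain" "$INT_DNS_DOMAIN" "$ip_address" \
      "$ip_address" "$domain" "$INT_DNS_DOMAIN"
    printf '%s' "$records" >> "$LOCAL_DNS_FILE"
    printf '%s' "$records" >> "$LOCAL_DNS_BLACKHOLE_FILE"
  done < "$LOCAL_HOSTNAME_FILE"
}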
||
76 | |||
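# Command dispatch.
#
# The --add / --del arguments end up in /etc/hosts and, through
# hosts_to_unbound, inside quoted unbound directives. They used to be pasted
# unchecked into a sed program, where any regex or sed metacharacter in them
# changed what sed did, and where the missing end anchor made "--del ip foo"
# also remove "ip foobar". Both arguments are now checked against a strict
# shape before any file is touched, and the removal matches the exact entry.
# NOTE(review): this script edits /etc/hosts and restarts services, so it
# presumably runs as root, possibly on behalf of a less privileged caller;
# confirm how it is invoked.

# Succeeds when $1 is dotted-quad shaped and $2 only holds host-name
# characters (letters, digits, ".", "_", "-", starting and ending alnum).
_valid_host_entry() {
  local -r ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  local -r name_re='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'
  [[ $1 =~ $ipv4_re && $2 =~ $name_re ]]
}

# Deletes the hosts line(s) whose first two fields are exactly $1 and $2.
# Must only be called with values accepted by _valid_host_entry: "." is then
# the only regex metacharacter left, and it is escaped here.
_remove_host_entry() {
  local ip_re=${1//./\\.}
  local host_re=${2//./\\.}
  $SED -E "/^${ip_re}[ \t]+${host_re}([ \t]|\$)/d" "$LOCAL_HOSTNAME_FILE"
}

case "$args" in
  -\? | -h | --h)
    echo "$usage"
    exit 0
    ;;
  --add | -add) # add a local host resolution
    if [ "$nb_args" -ne 3 ]; then
      echo "$usage"
      exit 1
    fi
    if ! _valid_host_entry "$2" "$3"; then
      printf 'Invalid IP address or host name: %s %s\n' "$2" "$3" >&2
      echo "$usage"
      exit 1
    fi
    # remove the entry first if it already exists, then append it
    _remove_host_entry "$2" "$3"
    printf '%s\t%s\n' "$2" "$3" >> "$LOCAL_HOSTNAME_FILE"
    hosts_to_unbound
    restart_dns
    ;;
  --del | -del) # remove a local host resolution
    if [ "$nb_args" -ne 3 ]; then
      echo "$usage"
      exit 1
    fi
    if ! _valid_host_entry "$2" "$3"; then
      printf 'Invalid IP address or host name: %s %s\n' "$2" "$3" >&2
      echo "$usage"
      exit 1
    fi
    _remove_host_entry "$2" "$3"
    hosts_to_unbound
    restart_dns
    ;;
  --reload | -reload)
    hosts_to_unbound
    restart_dns
    ;;
  --hosts_to_unbound | -hosts_to_unbound) # regenerate the files, no restart
    hosts_to_unbound
    ;;
  --off | -off) # disable DNS redirector
    #$SED "s?^#filterwin2k.*?filterwin2k?g" $DNSMASQ_CONF_FILE
    rm -f -- "$LOCAL_DOMAIN_CONF_FILE"
    $SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=off?g" "$ALCASAR_CONF_FILE"
    restart_dns

    # Reload firewall
    /usr/local/bin/alcasar-iptables.sh
    ;;
  --on | -on) # enable DNS redirector
    #$SED "s?^filterwin2k.*?#filterwin2k?g" $DNSMASQ_CONF_FILE
    cat > "$LOCAL_DOMAIN_CONF_FILE" << EOF
server:
local-zone: "$INT_DNS_DOMAIN." transparent
forward-zone:
name: "$INT_DNS_DOMAIN."
forward-addr: $INT_DNS_IP
EOF
    $SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=on?g" "$ALCASAR_CONF_FILE"
    restart_dns
    # Reload firewall
    /usr/local/bin/alcasar-iptables.sh
    ;;
  *)
    echo "Argument inconnu : $1"
    echo "$usage"
    exit 1
    ;;
esac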